Re: [libvirt] [PATCHv3] conf: prevent crash with no uuid in cephx auth secret

On 12/03/12 13:35, Ján Tomko wrote: > Fix the null pointer access when UUID is not specified. > Introduce a bool 'uuidUsable' to virStoragePoolAuthCephx that indicates > if uuid was specified or not and use it instead of the pointless > comparison of the static UUID array to NULL. > Add an error message if both uuid and usage are specified. > > Fixes: > Error: FORWARD_NULL (CWE-476): > libvirt-0.10.2/src/conf/storage_conf.c:461: var_deref_model: Passing > null pointer "uuid" to function "virUUIDParse(char const *, unsigned > char *)", which dereferences it. (The dereference is assumed on the > basis of the 'nonnull' parameter attribute.) > Error: NO_EFFECT (CWE-398): > libvirt-0.10.2/src/conf/storage_conf.c:979: array_null: Comparing an > array to null is not useful: "src->auth.cephx.secret.uuid != NULL". > --- > src/conf/storage_conf.c | 20 +++++++++++++++----- > src/conf/storage_conf.h | 1 + > src/storage/storage_backend_rbd.c | 6 ++---- > 3 files changed, 18 insertions(+), 9 deletions(-) > Now it looks OK to me. ACK. Peter